Remove deprecated keystone::federation::openidc params

These params has been deprecated. Also removes the keystone_url behavior where it doesn't fallback on keystone::public_endpoint anymore. Change-Id: I52b4c2a2911007b516a6ea20229a3579bc9dd945
2019-05-10 17:11:07 +02:00 · 2019-05-10 17:11:07 +02:00 · b081ee8e25
commit b081ee8e25
parent a4ff243d8a
4 changed files with 19 additions and 40 deletions
--- a/manifests/federation/openidc.pp
+++ b/manifests/federation/openidc.pp
@ -2,6 +2,9 @@
 #
 # == Parameters
 #
+# [*keystone_url*]
+#  (Required) URL to keystone endpoint.
+#
 # [*methods*]
 #  A list of methods used for authentication separated by comma or an array.
 #  The allowed values are: 'external', 'password', 'token', 'oauth1', 'saml2',
@ -89,26 +92,12 @@
 #  (Optional) Defaults to 331.
 #
 # [*package_ensure*]
-#   (Optional) Desired ensure state of packages.
-#   accepts latest or specific versions.
-#   Defaults to present.
-#
-# [*keystone_url*]
-#   (optional) URL to keystone endpoint.
-#
-# === DEPRECATED
-#
-# [*admin_port*]
-#  A boolean value to ensure that you want to configure openidc Federation
-#  using Keystone VirtualHost on port 35357.
-#  (Optional) Defaults to undef.
-#
-# [*main_port*]
-#  A boolean value to ensure that you want to configure openidc Federation
-#  using Keystone VirtualHost on port 5000.
-#  (Optional) Defaults to undef.
+#  (Optional) Desired ensure state of packages.
+#  accepts latest or specific versions.
+#  Defaults to present.
 #
 class keystone::federation::openidc (
+  $keystone_url,
  $methods,
  $idp_name,
  $openidc_provider_metadata_url,
@ -129,29 +118,12 @@ class keystone::federation::openidc (
  $remote_id_attribute            = undef,
  $template_order                 = 331,
  $package_ensure                 = present,
-  $keystone_url                   = undef,
-  # DEPRECATED
-  $admin_port                     = undef,
-  $main_port                      = undef,
 ) {

  include ::apache
  include ::keystone::deps
  include ::keystone::params

-  # TODO(tobias-urdin): Make keystone_url required when keystone::public_endpoint is removed.
-  # Dont forget to change the keystone_url_real variable in the templates/openidc.conf.rb file.
-  # The fail statement below can also be removed since keystone_url will be a required parameter.
-  $keystone_url_real = pick($keystone_url, $::keystone::public_endpoint)
-
-  if $keystone_url_real == undef or is_service_default($keystone_url_real) {
-    fail('You must set either keystone_url or keystone::public_endpoint')
-  }
-
-  if $admin_port or $main_port {
-    warning('keystone::federation::openidc::admin_port and main_port are deprecated and have no effect')
-  }
-
  if $openidc_enable_oauth and !$openidc_introspection_endpoint {
    fail('You must set openidc_introspection_endpoint when enabling oauth support')
  }
--- a/releasenotes/notes/remove-deprecated-openidc-845cea167976f90e.yaml
+++ b/releasenotes/notes/remove-deprecated-openidc-845cea167976f90e.yaml
@ -0,0 +1,8 @@
+---
+upgrade:
+  - |
+    The deprecated parameters main_port and admin_port in keystone::federation::openidc
+    is now removed.
+  - |
+    The keystone::federation::openidc::keystone_url parameter is now mandatory and does
+    not fallback on the keystone::public_endpoint value.
--- a/spec/classes/keystone_federation_openidc_spec.rb
+++ b/spec/classes/keystone_federation_openidc_spec.rb
@ -10,8 +10,6 @@ describe 'keystone::federation::openidc' do
    <<-EOS
    class { 'keystone':
      admin_token => 'service_token',
-      public_endpoint => 'http://os.example.com:5000',
-      admin_endpoint => 'http://os.example.com:35357',
    }

    include keystone::wsgi::apache
@ -19,7 +17,8 @@ describe 'keystone::federation::openidc' do
  end

  let :params do
-    { :methods => 'password, token, openid',
+    { :keystone_url => 'http://localhost:5000',
+      :methods => 'password, token, openid',
      :idp_name => 'myidp',
      :openidc_provider_metadata_url => 'https://accounts.google.com/.well-known/openid-configuration',
      :openidc_client_id => 'openid_client_id',
--- a/templates/openidc.conf.erb
+++ b/templates/openidc.conf.erb
@ -34,8 +34,8 @@

  # The following directives are necessary to support websso from Horizon
  # (Per https://docs.openstack.org/keystone/pike/advanced-topics/federation/websso.html)
-  OIDCRedirectURI "<%= @keystone_url_real -%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
-  OIDCRedirectURI "<%= @keystone_url_real -%>/v3/auth/OS-FEDERATION/websso/openid"
+  OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/identity_providers/<%= scope['keystone::federation::openidc::idp_name']-%>/protocols/openid/websso"
+  OIDCRedirectURI "<%= @keystone_url -%>/v3/auth/OS-FEDERATION/websso/openid"

  <LocationMatch "/v3/auth/OS-FEDERATION/websso/openid">
      AuthType "openid-connect"